On Sun, Feb 04, 2007 at 02:09:15PM -0500, Zachary P. Landau wrote: > At this point, you own the file and have > 0600 permissions on it, so nobody else can open it. Even if you close > the file immediately after, you still can safely assume that nobody else > controls the file.
If the directory really is world writable, other users can _delete_ the (or any) file even if they don't own it, because they are really only writing to the _directory_, removing the file name (but not any open handles) from it. They can then create a new entry in the directory, with the same name, like a symbolic link to /home/darcs-user/very-important-file. That's not good if darcs opens it by name with darcs-user's privileges, and writes to it. I think most /tmp dirs have the t-flag set, which means you must be the owner of a file to delete it from the directory. In those cases it seems safe, but I don't know for certain. Even with the t-flag, if the file will be used for a long time, there's the possibility of tmp-reapers removing the file, but that is of course not darcs' fault. -- Tommy Pettersson <[EMAIL PROTECTED]> _______________________________________________ darcs-devel mailing list darcs-devel@darcs.net http://lists.osuosl.org/mailman/listinfo/darcs-devel
